MCPcopy
hub / github.com/multica-ai/multica / requireDaemonWorkspaceAccess

Method requireDaemonWorkspaceAccess

server/internal/handler/daemon.go:40–68  ·  view source on GitHub ↗

--------------------------------------------------------------------------- Daemon workspace ownership helpers --------------------------------------------------------------------------- requireDaemonWorkspaceAccess verifies the caller has access to the given workspace. For daemon tokens (mdt_), com

(w http.ResponseWriter, r *http.Request, workspaceID string)

Source from the content-addressed store, hash-verified

38// For daemon tokens (mdt_), compares the token's workspace ID directly.
39// For PAT/JWT fallback, verifies user membership in the workspace.
40func (h *Handler) requireDaemonWorkspaceAccess(w http.ResponseWriter, r *http.Request, workspaceID string) bool {
41 if workspaceID == "" {
42 writeError(w, http.StatusNotFound, "not found")
43 return false
44 }
45
46 // Daemon token: workspace must match.
47 if daemonWsID := middleware.DaemonWorkspaceIDFromContext(r.Context()); daemonWsID != "" {
48 if daemonWsID != workspaceID {
49 writeError(w, http.StatusNotFound, "not found")
50 return false
51 }
52 return true
53 }
54
55 // PAT/JWT fallback: check membership cache before hitting DB.
56 userID := requestUserID(r)
57 if userID != "" {
58 if h.MembershipCache.Get(r.Context(), userID, workspaceID) {
59 return true
60 }
61 }
62
63 _, ok := h.requireWorkspaceMember(w, r, workspaceID, "not found")
64 if ok && userID != "" {
65 h.MembershipCache.Set(r.Context(), userID, workspaceID)
66 }
67 return ok
68}
69
70// requireDaemonRuntimeAccess looks up a runtime and verifies the caller owns its workspace.
71//

Calls 5

requestUserIDFunction · 0.85
writeErrorFunction · 0.70
GetMethod · 0.65
SetMethod · 0.45